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DETAILED ACTION 

Claims 1-17 and 19-30 are pending. Claims 1, 19-23 and 30 are amended. 
Claim 18 is cancelled. 

Response to Arguments 

Applicant's arguments, see page 10 section II, filed 06/18/2007, with respect to 
the rejection(s) of claim(s) 1-30 under 102(e) have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Gong. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1 are rejected under 35 U.S.C. 102(e) as being anticipated by Gong et al. 
hereafter Gong (US 7,076,801). 

Regarding claims 1, 23, and 30: 

Gong discloses a method for automated adaptive reprovisioning of servers under 
security assault, the method comprising: 
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detecting a security assault or a possible security assault on a first server 
(column 6 lines 63-67; intrusion sensors 50 detect signs of attack in the network and its 
components); and 

reprovisioning by automatically creating a new server instance with a desired 
new server configuration to perform at least one of the tasks performed by said first 
server, wherein said desired new server configuration for said new server instance is 
selected from a plurality of new server configurations (column 7 lines 30-43, the 
adaptive reconfigurer 60 generates new configurations for the system as necessary and 
may include changing the level of access control, degrees of redundancy or isolation, 
increased sensitivity, or alerting network components). , 

Regarding claims 2 and 24: 

Gong discloses the method of claims 1 and 23, wherein said detecting comprises 
determining if said first server is a candidate for reprovisioning, because of properties or 
behavior that suggest its security has been compromised or is likely to be compromised, 
or its functioning otherwise unacceptably impaired, by a security assault (column 7 lines 
30-43, the adaptive reconfigurer evaluates any intrusion threats, compares them to the 
tolerance objectives and any cost or performance impact, and generates new 
configurations). 

Regarding claims 3 and 25: 

Gong discloses the method of claims 1 and 23, wherein said reprovisioning 
comprises automatically bringing up said new server instance, or otherwise making 
available said new server instance to customers or other users of said first server 
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(column 7 lines 54-66, functions and resources devoted to nonessential services can be 
reallocated to the delivery of essential services (creating a new server instance), making 
users unaware of a degradation). 
Regarding claims 4 and 26: 

Gong discloses the method of claims 1 and 23, further comprising bringing down 
said first server prior to said reprovisioning (column 7 lines 37-43, isolation is 
considered by examiner as bringing down the first server (the server under attack) as 
the server is no longer available to the clients). 

Regarding claims 5 and 27: 

Gong discloses the method of claims 1 and 23, wherein said new server instance 
brought up in said reprovisioning differs from said first server in at least one parameter 
(column 7 lines 30-53, any alteration to the previous configuration of the server instance 
causes the new server instance to differ in at least one parameter). 

Regarding claims 6 and 28: 

Gong discloses the method of claims 1 and 23, wherein a difference between 
said new server instance and said first server is responsive to whether or not other 
security incidents have been detected in a network to which said servers are coupled 
(column 7 lines 30-37, using the information it receives from the intrusion sensors, 
acceptance monitors, ballot monitors and proxy servers, the reconfigurer generates new 
configurations as necessary; column 5 line 60-column 6 line 6, the ballot monitors 
receive results of the applied acceptance test and determines a preferred response 
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based on the current level of detected security and the designated intrusion tolerance 
strategy). 

Regarding claims 7 and 29: 

Gong discloses the method of claims 1 and 23, wherein a difference between 
said new server instance and said first server is responsive to a nature of any other 
security incidents that have been detected in said network to which said servers are 
coupled (column 7 lines 30-37, the configurer receives information from intrusion 
sensors, acceptance monitors, ballot monitors, and proxy servers and generates new 
configuration's as necessary). 

Regarding claim 8: 

Gong discloses the method of claim 1 , wherein a difference between said new 
server instance and said first server is responsive to a probable compromise or a 
functional impairment observed in said detection (column 7 lines 46-53, the configurer is 
capable of reconfiguring the network connections in response to a predetermined 
condition to support a desired security level. This may be triggered by the intrusion 
sensor or set in advance if a hostile environment is anticipated (probable compromise)). 

Regarding claim 13: 

Gong discloses the method of daim 1 , wherein a difference between said new 
server instance and said first server includes a degree of function offered to users by 
said servers (column 7 lines 30-43, configurer changes the level of access control 
imposed on clients). 

Regarding claim 14 and 15: 
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Gong discloses the method of claim 1 , wherein said new server instance brought 
up in said reprovisioning differs from said first server only if more than a fixed number of 
instances of probable server compromise have been observed and wherein a difference 
between said new server instance and said first server is responsive to a number of 
probable server compromises that have been observed (column 7 lines 30-37, based on 
the information received the reconfigurer generates new configurations for the system; it 
is inherent that there is at least one or more instances that cause a new configuration). 

Regarding claim 16. 

Gong discloses the method of claim 1 , wherein said server comprises a 
computer providing services through a network (figure 1 and column 4 lines 6-10, the 
proxy servers represent public access points to clients via communication lines 4). 

Regarding claim 17: 

Gong discloses the method of claim 1 , wherein said server comprises a program 
running on a network-coupled computer, providing services through a network (column 
4 lines 6-10, services such as military command and control or a transaction processing 
system for an e-commerce site; it is inherent that servers are a computer consisting of a 
processor, volatile storage, and a non-volatile storage device). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 9-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gong as applied to claim 1 above, and further in view of Agha. 

Gong discloses the method of claim 1 , but not teach the difference between said 
new server instance and said first server includes a version of operating system 
software used by said servers. Agha teaches updating program code wherein program 
code "generally includes the operating system of the computer' system, as well as any 
lower-level program code utilized by the computer system, including microcode, basic 
input/output system (BIOS) program code, kernel program code, startup program code, 
etc" (Agha, column 1 lines 18-22). Changing strength of encryption would have been 
obvious to one of ordinary skill in the art in order to further protect the server's incoming 
and outgoing communications. It would have been obvious to one of ordinary skill in the 
art to combine the reprovisioning method of Gong with the method for updating program 
code of Agha in order to update the system (Agha, column 1 lines 6-9). 

Claims 18-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gong as applied to claim 1 above, and further in view of Burnett. 

Gong discloses the method of claim 1 , but does not disclose selecting said new 
server instance from a plurality of new server configurations. Burnett discloses 
selecting a configuration from a configuration database, 135, in paragraph 0049. Using 
a table and randomly selecting the configuration are obvious variations of selecting the 
new server configuration and one of ordinary skill in the art could have used one over 
the other. Examiner interprets claim 22 as selecting from a table after a number of 
times a server has been subject to probable compromise (in the reference, the number 
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of times is equal to one). It would have been obvious to one of ordinary skill in the art to 
combine the method of Gong for reprovisioning a server with the configuration database 
of Burnett in order to store all of the configurations. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to James Turchen whose telephone number is 571-270- 
1378. The examiner can normally be reached on MTWRF 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 )272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



JRT 
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